The Hacker News — Cyber Security, Hacking, Technology News

Google has identified and blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre (NIC) of India, a unit of India’s Ministry of Communications and Information Technology.

The National Informatics Centre (NIC) holds several intermediate Certification Authority (CA) certificates trusted by the Indian government’s top CA, the Indian Controller of Certifying Authorities (India CCA). These are included in the Microsoft Root Store and so are trusted by a large number of applications running on Windows, including Internet Explorer and Chrome.

Rogue digital certificates pose a potentially serious security and privacy threat: they could allow an attacker to spy on encrypted communication between a user’s device and an HTTPS website that the user believes to be secure.

Google became aware of the fake certificates last Wednesday, July 2, and within 24 hours the Indian Controller of Certifying Authorities (India CCA) revoked all the NIC intermediate certificates and also issued a CRLSet to block the fraudulent certificates in Chrome. CRLSets enable Chrome to block certificates in an emergency.

The search engine giant believes that no other root stores include the Indian CCA certificates, which means that Chrome on other operating systems, as well as Chrome OS, Android, iOS and OS X, was not affected.

“Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misused certificates for other sites may exist,” said Google security engineer Adam Langley.

Langley added that “Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of widespread abuse and we are not suggesting that people change passwords.”

It’s the second high-profile incident of a government agency caught issuing fake SSL certificates since December, when Google revoked trust for a digital certificate for several of its domains, mistakenly signed by a French government intermediate certificate authority.

Google has taken many measures to advance the security of its certificates, as SSL certificates remain one of the core elements of online security. Still, because hundreds of entities issue certificates, it is difficult for the company to identify fake certificates that were not issued under proper procedures.

One such measure is Google’s recently launched Certificate Transparency project, which provides an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority.

DigiCert was one of the first Certificate Authorities to implement Certificate Transparency after working with Google for a year to pilot the project.

Google also upgraded its SSL certificates from 1024-bit to 2048-bit RSA to make them more secure, because a longer key makes it even more difficult for a cyber criminal to break the SSL connections that secure your emails, banking transactions and more.

Iranian hackers may have spent years running a creative and dedicated cyber espionage campaign to steal government credentials with the help of social media, including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger.

A Dallas-based computer-security firm, iSIGHT Partners, today exposed a three-year-old cyber espionage campaign, which it believes originated in Iran, targeting a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website.

The security firm dubbed the cyber espionage operation ‘Newscaster’. In it, the Iranian hackers used more than a dozen social media accounts belonging to fake personas on sites such as Facebook, Twitter and LinkedIn, and targeted at least 2,000 people.

Since 2011, the Iranian hacker group has targeted current and former senior U.S. military officials, including a four-star U.S. Navy admiral, U.S. lawmakers and ambassadors, members of the U.S.-Israeli lobby, diplomats, journalists from Washington D.C., as well as personnel from more than 10 U.S. and Israeli defense contractors, according to the cyber security research firm.

“We've never seen a cyber espionage campaign from the Iranians as complex, broad reaching and persistent as this one,” says Tiffany Jones, senior vice president of client services at iSIGHT. “The dozen or so primary fictitious personas have done a pretty successful job over the last few years in gleaning thousands of connections and ultimately targeting legitimate individuals through their social media networks.”

The core part of the operation is the fake news site known as NewsOnAir.org, registered in Tehran and located on a server that hosted mostly Iranian Web sites. The website is owned and operated by a fake media mogul named Joseph Nillson, whom they illustrated using a photo of Alexander McCall Smith, author of The No.1 Ladies’ Detective Agency.

The fake news website republished articles from legitimate news sites under the names of six fake authors, and the fake identities then linked to the published articles in order to deceive their targets. The fake personas posed as journalists, government employees or defense contractors.

Once they had gained the trust of their targets and befriended them through the fake profiles, the hackers sent malicious links by email which, when accessed, would unleash malware designed primarily to steal email account credentials. The links directed people to fake login screens in order to steal their usernames and passwords.

The firm has not revealed the identity of the victims or the kind of data stolen by the hackers, who were seeking credentials to access government and corporate networks as well as to infect machines with malicious software. It is also unclear how many credentials the hackers have captured so far.

“If it’s been going on for so long, clearly they have had success,” iSight Executive Vice President Tiffany Jones told Reuters.

The purpose of the hack is also not clear, but the cyber-threat intelligence firm suggested that Newscaster's accesses may support the development of weapon systems or provide insight into U.S. military actions and negotiations with Middle Eastern countries.

In a recent cyber attack on a forum site, thousands of outdated but legitimate WordPress blogs were abused to perform DDoS attacks using previously known vulnerabilities.

After analyzing the log file from the victim's server, we noticed that the attack originated from many WordPress-based educational (.EDU) and government (.GOV) websites.

In the past we have reported on many such cyber attacks, in which attackers either hacked into WordPress blogs using password brute-force attacks or used the Pingback vulnerability in older versions of WordPress without compromising the server.

WordPress has a built-in feature called Pingback, which allows anyone to initiate a request from a WordPress site to an arbitrary site. A single machine can use it to originate millions of requests from multiple locations.

We have seen more than 100,000 IP addresses involved in the recent DDoS attack, and the victim's forum website received more than 40,000 requests in 7 minutes from different WordPress blogs and IP addresses.

In this recent attack, we noticed more than 4,000 .EDU and .GOV sites along with thousands of other abused sites.


Large servers like these can cause much more damage in DDoS attacks because they have high network bandwidth and are capable of generating significant amounts of traffic.

At this time it is not clear whether these WordPress blogs were compromised or whether the Pingback vulnerability was used to perform the attack.

But it is always wise to learn from others' mistakes. If you still use 'admin' or a common name as the user name on your blog, change it, and use a strong password. Security plug-ins and two-factor authentication options are also available for WordPress, and of course make sure you are running the latest version of WordPress.
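A defender-side sketch of the log analysis described above, as an added example that is not part of the original article. It relies on WordPress labelling its outbound requests, pingback verification included, with a `WordPress/<version>; <blog URL>` User-Agent; the log lines, host names and the `summarize` and `classify_host` helpers are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-Agent sent by WordPress itself. Newer releases append
# "; verifying pingback from <ip>", which names the host that asked the
# blog to send the pingback.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<ver>[\d.]+); (?P<blog>https?://[^;\s]+)'
    r'(?:; verifying pingback from (?P<origin>[0-9a-fA-F.:]+))?'
)

# Constructed sample: five WordPress-originated hits, one browser, one bad line.
SAMPLE_LOG = '''\
192.0.2.10 - - [10/Mar/2014:10:00:01 +0000] "GET /forum/ HTTP/1.0" 200 5120 "-" "WordPress/3.5.1; http://blog.example.edu"
192.0.2.10 - - [10/Mar/2014:10:00:01 +0000] "GET /forum/ HTTP/1.0" 200 5120 "-" "WordPress/3.5.1; http://blog.example.edu"
198.51.100.7 - - [10/Mar/2014:10:00:02 +0000] "GET /forum/ HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://open.example.gov/news"
203.0.113.20 - - [10/Mar/2014:10:00:02 +0000] "GET /forum/ HTTP/1.0" 200 5120 "-" "WordPress/3.9.2; https://shop.example.com; verifying pingback from 203.0.113.99"
198.51.100.44 - - [10/Mar/2014:10:00:03 +0000] "GET /forum/index.php HTTP/1.1" 200 7300 "http://forum.example.org/" "Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Firefox/27.0"
203.0.113.5 - - [10/Mar/2014:10:00:03 +0000] "GET /forum/ HTTP/1.0" 200 5120 "-" "WordPress/3.6; http://press.example.gov.au"
this line is truncated and will not parse
'''


def classify_host(host):
    """Return 'edu', 'gov' or 'other' for a blog host name.

    Only the last two labels are checked, so open.example.gov and
    press.example.gov.au count as government while gov.example.com does not.
    """
    labels = host.lower().split(".")
    for kind in ("edu", "gov"):
        if kind in labels[-2:]:
            return kind
    return "other"


def summarize(lines):
    """Count requests that WordPress blogs sent to this server."""
    report = {
        "total": 0,               # lines that parsed as log entries
        "unparsed": 0,            # malformed or truncated lines
        "pingback": 0,            # requests carrying the WordPress User-Agent
        "reflectors": Counter(),  # requests per abused blog host
        "by_kind": Counter(),     # distinct blog hosts per category
        "versions": Counter(),    # WordPress versions seen
        "origins": Counter(),     # "verifying pingback from" addresses
    }
    seen_hosts = set()
    for line in lines:
        entry = LOG_RE.match(line.strip())
        if not entry:
            report["unparsed"] += 1
            continue
        report["total"] += 1
        ua = PINGBACK_UA_RE.match(entry.group("ua"))
        if not ua:
            continue
        host = urlsplit(ua.group("blog")).hostname or "unknown"
        report["pingback"] += 1
        report["reflectors"][host] += 1
        report["versions"][ua.group("ver")] += 1
        if ua.group("origin"):
            report["origins"][ua.group("origin")] += 1
        if host not in seen_hosts:
            seen_hosts.add(host)
            report["by_kind"][classify_host(host)] += 1
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    print("parsed:", result["total"], "pingback:", result["pingback"])
    for host, hits in result["reflectors"].most_common():
        print(f"{hits:6d}  {classify_host(host):5s}  {host}")
```

The per-host counts give the site owner a list of blogs to notify, and the same User-Agent pattern can drive a temporary filter at the web server or WAF while an attack is in progress.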

Last week we noticed a rise in cyber attacks, particularly website defacement attacks on many governments and organizations in different countries by hackers around the world.

Targeted countries include Singapore, Mexico, the Philippines, Australia, Egypt, the United States, Syria and many more. Of all these targets, the most controversial were the Philippines and Australia, hacked by the activist group Anonymous.

Last Sunday, Anonymous hackers from Indonesia defaced hundreds of websites belonging to the Australian Government, saying the action was in response to reports of spying by Australia. The websites were defaced with a message reading "Stop Spying on Indonesia". We have shared the list of all targeted websites in a pastebin note.

In a separate incident, Anonymous hackers defaced more than 38 Philippine Government websites, and called on the public to support an anti-corruption protest “Million Mask March” at the Batasang Pambansa on November 5. “The government, in many ways, has failed its Filipino citizens,” the hackers added. “We have been deprived of things which they have promised to give; what our late heroes have promised us to give.”

The websites of national and local government agencies, including the Office of the Ombudsman, the Philippine Embassy in Seoul, the Insurance Commission, the Vigan and Cardon city official websites and the 3rd District of Laguna, were among those hacked by Philippine hackers.

Elsewhere, an Algerian hacker named DZ27 hacked and defaced three Egyptian government websites. The targeted websites include the Information System Institute for the Egyptian Armed Forces, a subdomain of the Armed Forces, and the website of the Tourism Development Authority of Egypt.

An Anonymous hacker who goes by the moniker "The Messiah" breached a blog linked to Singapore's leading newspaper, the 'Straits Times'. The hacker claimed a journalist had published a "very misleading" blog post about a threat purportedly issued by Anonymous against Singapore's government to protest contentious online licensing regulations.

A message left on the blog page demanded that the journalist resign or apologize within 48 hours to the citizens of Singapore for trying to mislead them. Hackers also accused the government of extending censorship to the Internet in a country where the media have long been tightly supervised.

In a separate incident, the website of Seletar Airport in Singapore was also hacked by an unknown hacker, and the defaced page showed a black and green background with a skull wearing a hood in the middle. It was fixed within half an hour.

In the cyber attack on Syria, three Syrian Government websites and thousands of commercial websites were defaced by Syrian hackers introducing themselves as RBG Homs, Silent Injector and Syrian Hexor. The hack is part of an operation called #opSyria, and the complete list of hacked websites was published online on pastebin.

In another separate attack, an Anonymous hacker defaced the website of a law firm that defended a US Marine who faced charges in connection with the 2005 killing of 24 Iraqi civilians. Puckett served as the lead defense lawyer for Staff Sergeant Frank Wuterich, who faced a US military court martial last month in connection with the killings in the Iraqi town of Haditha. The hackers claimed to have published online 3GB of private email messages of attorneys Neal Puckett and Haytham Faraj.

Also, hundreds of Mexican websites were defaced by a hacker named ExpirED brain Cyber army. The complete list of targeted websites is in a pastebin note. The reason for the attack is not clear and was not mentioned by the hacker.

He had not just participated in DDoS attacks, but also stole information belonging to users and administrators. The court estimates he did $60,000 worth of damage by attacking major government websites, including those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.

His lawyer also told the court that the boy saw it as a challenge, that he was only 12 years old, and that there was no political purpose.

According to Montreal police, the boy also taught others how to hack. The 12 year old was among the several hackers arrested over the Anonymous protest.

While others have been arrested in connection with the DDoS attacks that resulted, the court was told that the information obtained from the kid had opened the door for them to attack further.

'It's easy to hack but do not go there too much, they will track you down,' the kid said.

Nowadays, the hackers doing the damage are often children or young teenagers. Changing accounting records, stealing money by making false bank transfers, altering prescriptions so that people become sick, sending out bad e-mail using other people’s names: these breaches of integrity and authenticity are all obviously bad.

In 2000, a 15-year-old Montreal boy, known as Mafiaboy, did an estimated $1.7 billion in damage through hacking. He was sentenced to eight months in youth detention and subsequently received several job offers in cybersecurity.

If your kids are interested in computers and want to know more about criminal hackers, they can learn a lot by joining the computer club at school, participating in discussion groups online, and reading.

Today a cyber attack on Pakistan Government servers crashed the official websites of many Government departments, including the Ministry of Information Technology, Ministry of Railways, Ministry of Economic Affairs & Statistics, Ministry of Interior, Ministry of Religious Affairs, Ministry of Science and Technology, Ministry of Environment and many more.

The Indian hacker 'Godzilla' continues to strike the Pakistan Government because of its support for terrorism activities. The hacker said, "all network owned including switches because they deserve it, I have not touched any innocent website because target is only Government"

Pakistani officials are already aware of the risk from the newest viruses, worms and cyber attacks, so they run their servers behind a proxy server located at http://202.83.164.6/. But flawed cyber security practices once again undermined the whole setup, and the hacker successfully breached a centralized local server located at 192.168.70.103, which sits between the website hosting server and the proxy server.

The hacker claimed to have breached this centralized IBM server with a Layer 2-3 Gigabit Ethernet Switch Module for IBM eServer BladeCenter. This IBM server is further connected to 22 local machines that were used to build the proxy server that was securing the digital cyber space of Pakistan.

"They are running it through a local system 192.168.70.103 which is been shut down as we have access of the switch" he said.

After attack, shutdown of above server

Websites under attack:


For more than 24 hours, the Gateway of Pakistan website (http://www.pakistan.gov.pk/) was also down because of the same security breach, but officials managed to recover that server after they stopped routing it through the targeted proxy server.

The hacker also claimed to have access to a file server of the Pakistan Government. Network and server admins are working hard to fix the issues caused by the security breach; at the time of reporting, all of the sites listed above are down.

Kaspersky Lab's team of experts recently published a new research report finding that cyber criminals have targeted government officials in more than 20 countries, including Ireland and Romania, with a new piece of malware called 'MiniDuke'.

In a recent attack, malware has infected government computers this week in an attempt to steal geopolitical intelligence. The computers were infected via a modified Adobe PDF email attachment, and the perpetrators were operating from servers based in Panama and Turkey.

According to Kaspersky Lab CEO Eugene Kaspersky, "I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world."

Last week Adobe released an update that patches the Adobe PDF bug (CVE-2013-6040) used in the attack. Once the malicious PDF was opened, the MiniDuke malware would install itself on the victim's computer. It is not known what information the attackers are targeting.

The role of the hacker is recognized as crucial in cyber security today. These specialists are the nightmare of security experts, but their knowledge is fundamental to understanding the vulnerabilities of our infrastructures: think like a hacker if you really want to protect your system.

But hacking is a culture, a way of life that is hard to reconcile with business logic. True hackers don’t do this for money; money is important, but it is not everything. What matters to them is always to question their own capabilities and to try consistently to exceed their limits.

Fortunately industry, private business and governments have understood this and have re-evaluated the importance of hackers. These specialists were once seen as shady individuals to avoid; today they are highly sought-after professionals in both the private and government sectors.

Discovering vulnerabilities before attackers can exploit them is essential. Millions of people and devices are connected to the network, a unique opportunity for groups of cyber criminals and state-sponsored hackers: whoever controls the global network will control the world.

Hackers are professionals who spend their time trying to discover exploitable vulnerabilities in any architecture, and their work has great commercial value. The result of their effort, the exploitation of vulnerabilities, is a precious commodity for intelligence agencies and private companies; their knowledge could in fact open the door to the richest businesses.

Every day we read about cyber attacks, and every day we read of government initiatives to protect infrastructures by recruiting hackers as consultants. Recently Japan's National Police Agency started a program to promote knowledge exchange with ethical hackers on the principal attack techniques adopted by cyber criminal organizations, with the intent of acquiring more information on such crimes.

According to The Japan Times, the authorities fear the spread of malicious agents designed to remotely control victims. The police want to gather information on the cyber threat and to plan a public awareness campaign to avoid a large-scale attack that could have serious consequences.

The Japanese government is very attentive to the topic: the defense ministry announced that it would set up a cyber defense unit by 2013. Japan is one of the countries most affected by cyber attacks, in particular by cyber espionage campaigns that hit its industrial and research sectors.

Another sign of openness comes from the U.S. Government, which for years has run a recruiting campaign to bring these valuable professionals and their knowledge into its ranks. Recently the U.S. government announced the creation of the National Day of Civic Hacking, scheduled for the next 1 and 2 June, an event open to all cyber experts who want to contribute to improving the electronic systems of the country.

The official announcement states:

“Civic Hacking Day is an opportunity for software developers, technologists, and entrepreneurs to unleash their can-do American spirit by collaboratively harnessing publicly-released data and code to create innovative solutions for problems that affect Americans. While civic hacking communities have long worked to improve our country and the world, this summer will mark the first time local developers from across the Nation unite around the shared mission of addressing and solving challenges relevant to OUR blocks, OUR neighborhoods, OUR cities, OUR states, and OUR country.”

Initiatives like this are fundamental for the US and its cyber strategy. They have a dual purpose: to raise awareness of cyber security issues, and to involve citizens in developing solutions and promoting ideas to protect the country and its assets from attacks coming from cyberspace. That is an excellent example of promoting a positive hacking culture.

Many other governments are improving their cyber capabilities by recruiting hackers. Unfortunately, in many cases the main purpose is offense: creating new instruments to penetrate opposing networks.

China, Russia, Iran, North Korea, Israel and the U.S. itself are the countries investing most heavily in the creation of new cyber units composed of hackers, involving them in offensive cyber operations and cyber espionage campaigns.

Another dangerous phenomenon is the birth of groups of cyber mercenaries, skilled hackers who work for governments but principally for cyber criminal organizations, providing hacking services such as targeted cyber attacks or the development of specifically crafted malware. Recruiting hackers is not so hard; it is possible to do it on various underground forums or in the Deep Web, and in the majority of cases these professionals come at a very low cost.

This raises a fundamental question: what are the limits of ethical hacking? When a hacker discovers a vulnerability, what is the correct and ethical course of action?

The monetization of their research and the incredible, uncontrolled demand for hacking services have thrown the hacking world into anarchy, attracting dangerous forces such as cybercrime and governments.

In this chaotic moment governments and private businesses have no choice: they must play the same game and stay informed about the principal cyber attack techniques, because that knowledge is necessary to preserve their assets in cyberspace. Cyber security must come first in government strategy as in private company policies, and the hacker must be considered essential for evaluating the security level of any infrastructure. But this is not enough in my opinion: the introduction of hackers into the business context, and also into government environments, must be regulated by strict rules. That is the real challenge.

A sensational new discovery has been announced by Kaspersky Lab’s Global Research & Analysis Team, the result of an investigation that followed several attacks on the computer networks of various international diplomatic service agencies.

A new large-scale cyber-espionage operation has been discovered, named Red October (ROCRA), a name inspired by the famous novel The Hunt for Red October and chosen because the investigation started last October.

The campaign hit hundreds of machines belonging to the following categories:

Government

Diplomatic / embassies

Research institutions

Trade and commerce

Nuclear / energy research

Oil and gas companies

Aerospace

Military

The attackers have targeted various devices such as enterprise network equipment and mobile devices (Windows Mobile, iPhone, Nokia), hijacking files from removable disk drives, stealing e-mail databases from local Outlook storage or remote POP/IMAP server and siphoning files from local network FTP servers.

According to security experts involved in the investigation, the cyber-espionage campaign started in 2007 and is still active. During this long period the attackers obtained a huge quantity of information, such as service credentials that have been reused in later attacks.

The control structure discovered is very complex and extensive: more than 60 domain names and several hosting servers located in many countries, mainly Germany and Russia. A particularity of the C&C architecture is that the network is arranged to hide the mothership server through the proxy functionality of every node in the malicious structure.

Security experts were able to sinkhole six of the 60 domains during the period 2 Nov 2012 - 10 Jan 2013, registering over 55,000 connections to the sinkhole from 250 different victim IPs in 39 different countries, with most of the IPs being from Switzerland. Kazakhstan and Greece follow next.

Red October Geo-distribution of victims

Which vulnerabilities were exploited in the attacks?

The security experts discovered that at least three different known vulnerabilities have been exploited:

CVE-2009-3129 (MS Excel) [attacks dated 2010 and 2011]

CVE-2010-3333 (MS Word) [attacks conducted in the summer of 2012]

CVE-2012-0158 (MS Word) [attacks conducted in the summer of 2012]

Evidence collected during the investigation leads security specialists to believe that the attackers have Russian origins, but strangely they appear unrelated to any other cyber attacks detected until now. The exploits appear to have been created by Chinese hackers.

Attack Method

These attacks are structured in two distinct phases, following the classic pattern of targeted attacks:

Initial infection

Additional modules deployed for intelligence gathering

In the initial phase the malware is delivered via e-mail as an attachment (Microsoft Excel, Word and, probably, PDF documents). Once the victim opens the malicious document, the embedded malicious code sets up the main component, which in turn handles further communication with the C&C servers; the malware then receives a number of additional spy modules from the C&C server.

The way the entire network is infected is very efficient: the hackers used a module to scan the target infrastructure for vulnerable machines. Each machine and its related services were attacked either by exploiting the above vulnerabilities or by gaining access with credentials collected during other attacks of the same campaign. The exploits appear to have been created by Chinese hackers.

What alarms me is that such campaigns could be going on for years with disastrous consequences ... what to do at this point? How is it possible that an operation so extensive escaped the worldwide security community for so long? Who is behind the attacks? Cyber criminals or state-sponsored hackers?

The developers behind ROCRA, who are Russian, are comfortable using Chinese malware and adapting it for their own use according to the Kaspersky report. This fits the RBN profile to a ‘t’. I ran 13 IPs listed in Kaspersky’s report against the RBN list maintained by James McQuade and found matching IP blocks for five of them:

Malicious servers

178.63.208.49 matches to 178.63.

188.40.19.247 matches to 188.40.

78.46.173.15 matches to 78.46.

88.198.30.44 matches to 88.198.

Mini-motherships

91.226.31.40 matches to 91.226.

It has been my belief for many years that the RBN has a working relationship with the Russian government; that it disappeared from view when the FBI sought the assistance of the FSB to shut down their operations in 2007 (as detailed in chapter 8 of my book); and that it has continued operating below the radar all this time. It provides distance and deniability to the FSB for certain offensive cyber operations and, in exchange, the FSB allows the RBN to operate as a criminal enterprise; a portion of which involves selling the data that it steals to whomever is interested. Red October is already the most significant find of the new year. If, in fact, Kaspersky has uncovered an RBN-controlled espionage ring, it’s going to be one of the most important discoveries of the decade.

One of The Hacker News' readers informed us today about porn content on some Indian Government websites. After analyzing these websites, we came across more than 30 subdomains belonging to 'entegramam.gov.in', where 'entegramam' means "My village" and all the subdomains are named after different cities of Kerala state.

The websites are in the Malayalam language and most of them are powered by Joomla and Drupal (older, vulnerable versions) with discussion forums on them. On further analysis we found that the timestamps of the porn articles posted on the forums date back to "2012/08/30 16:00".

That means, Government websites hosting Child Porn content from last four months and authorities or the moderators of the website are not aware about the issue. On a simple Google search, one can found all such pages : site:gov.in "nude" for further reports and analyzing.

Google also shows the notification "This site may be compromised" for a few websites in the same search, indicating that some of these websites have also been compromised by hackers.

What if Government websites are themselves serving porn? Child pornography is not legal in any country and is a shameful act; it is also illegal in India. In February 2009, the Parliament of India passed the Information Technology Bill, banning the creation and transmission of child pornography. The bill enables India's law enforcement agencies to take strict action against those seeking child pornography. For example, browsing for child pornography on the Internet can lead to a 5 year term of imprisonment and a 1 lakh fine.

These forums were started by the Kerala Government as a project to share information regarding "Education", "Health", "Agriculture", "Tourist", "Sports", "Science" and more. We found that threads on the forums are active to this day, so there should also be some moderators who look for abusive or illegal content, but in this case the Government hosts and forgets!

The Government always gives stats, so why no reasons for the lack of security? Recently, the Indian Computer Emergency Response Team (CERT-In) proudly shared a report with the media that over 14,000 websites have been hacked by cyber criminals up to October this year. Even if the actual number is 10 times what they claimed, the point is: why do they never mention the reasons for the lack of security?

Running Government websites without monitoring or moderators is not a good security practice at all. We request the authorities: if you host something, please moderate it.

Protesting against the attacks taking place on Gaza, Anonymous hackers have attempted to hack most Israeli websites in the past few days. "Government and private websites are under siege from hackers, who have mounted 44 million cyberattacks in less than a week", the government said.

Finance Minister Yuval Steinitz said just one hacking attempt was successful on a site he did not want to name, but it was up and running after 10 minutes of downtime.

Israel said that it generally experiences a few hundred hacking attempts per day. The attacks are reportedly coming from around the world.

Defence force sites have been the hardest hit, while the president’s site has been hit 10-million times, the foreign ministry seven-million times and the prime minister three-million times.

Both sides have been active on social media, with the Israeli Defence Force (IDF) going so far as to live blog some of its manoeuvres on Palestine. Combatants and civilians in Palestine meanwhile have been more active on Twitter, receiving support from hacker collective Anonymous.

Among the group's other high-profile targets were the websites of Israel's Kadima Party, which was taken offline shortly after being hacked, and Bank of Jerusalem. Most of the sites that were hacked appeared to be unavailable, but others displayed pro-Palestinian images and messages.


A hacker going by the name "LegitHacker97" claims that he successfully accessed a NASA subdomain website that actually belongs to a US Government computer, as mentioned on its homepage.

***** WARNING *****

This is a US Government computer

The hacker also dumped an 82.51 MB compressed (337 MB uncompressed) archive on the internet five days ago, which includes the complete source code of the website (in ASP). After seeing the pastebin note, we tried to contact the hacker to collect more information about the hack.

The hacker told The Hacker News via mail, "This was hacked by a major LFI vulnerability which allowed me to upload my own shell (backdoor to the site) and I took advantage of it by downloading all of the website!". He added, "But now vulnerability is fixed".

I downloaded the dump from the link posted by the hacker in the pastebin note and tried to match the files with the NASA website and its subdomains, and found that these files actually belong to one of the NASA subdomains at https://nsckn.nasa.gov, as mentioned by the hacker in his mail to The Hacker News. But I was still confused about how the hacker got into an area where only authorized users can log in.

After exploring more on the internet, I found an article on SpaceRef, "NASA Space Launch System Technical Document Access", about the NASA website at domain https://nsckn.nasa.gov, but one needs to request an account for accessing the documents from NASA's Contracting Officer McCollister at joseph.m.mccollister@nasa.gov.

It is possible that the hacker social engineered the folks at NASA to get in and then found some vulnerability to get access to the server, because social engineering is the weakest link in information security and there is no patch for human stupidity.

Stay tuned for more updates about the hack!

Update: Hacker upload archive on few more file sharing sites as listed below: